• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.3-15
• /
• 2003

The secure group communication enables the members, which belong to the same group, to communicate each other in a secure and secret manner. To do so, it is the most important that a group key is securely distributed among them and also group membership is efficiently managed. In detail, the generation, the distribution and the refreshment of a group key would be highly regarded in terms of low communication and computation complexity. In this paper, we show you a new protocol to generate a group key which will be safely shared within a group, utilizing the 2-party Diffie-Hellman key exchange protocol and the complete binary tree. Our protocol has less complexity of computation per group member by substituting many parts of exponentiation computations for multiplications. Consequently, each group member needs constant computations of exponentiation and multiplication regardless of the group size in the protocol and then it has less complexity of the computation than that of any other protocols.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.1
• /
• pp.41-55
• /
• 2005

A group key agreement protocol allows a group of user to share a key which may later be used to achieve certain cryptographic goals. In this paper, we propose a new scalable two-round ID-based group key agreement protocol which would be well fit to a Pay-TV system, additionally. to the fields of internet stock quotes, audio and music deliveries, software updates and the like. Our protocol improves the three round poop key agreement protocol of Nam et al., resulting in upgrading the computational efficiency by using the batch verification technique in pairing-based cryptography. Also our protocol simplifies the key agreement procedures by utilizing ID-based system. We prove the security of our protocol under the Computational Diffie-Hellman assumption and the Bilinear Decisional Diffie-Hellman assumption. Also we analyze its efficiency.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.6
• /
• pp.89-103
• /
• 2001

Through the increment of requirement for group oriented communication services, the multicast infrastructure based on a wire and wireless network has become a widely discussed researching topic. However the research of the security properties safety, efficiency and scaleability in a multicast structure, has not been enough. In this study, we propose a scalable secure multicast key management structure based on PKI(Public Key Infrastructure), IPSec, domain subgroup and structural two mode scheme to provide a integrated multicast service. Also we discuss and propose the digital nominative group signature a refreshing method for satisfying the security and trusty on the network. At the base of this work we certify to the usability of new proposed scheme from comparing it with conventional schemes in the part of safety, efficiency and scaleability.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.12
• /
• pp.4345-4363
• /
• 2021

Deep Learning as a Service (DLaaS), utilizing the cloud-based deep neural network models to provide customer prediction services, has been widely deployed on mobile cloud computing (MCC). Such services raise privacy concerns since customers need to send private data to untrusted service providers. In this paper, we devote ourselves to building an efficient protocol to classify users' images using the convolutional neural network (CNN) model trained and held by the server, while keeping both parties' data secure. Most previous solutions commonly employ homomorphic encryption schemes based on Ring Learning with Errors (RLWE) hardness or two-party secure computation protocols to achieve it. However, they have limitations on large communication overheads and costs in MCC. To address this issue, we present LeHE4SCNN, a scalable privacy-preserving and communication-efficient framework for CNN-based DLaaS. Firstly, we design a novel low-expansion rate homomorphic encryption scheme with packing and unpacking methods (LeHE). It supports fast homomorphic operations such as vector-matrix multiplication and addition. Then we propose a secure prediction framework for CNN. It employs the LeHE scheme to compute linear layers while exploiting the data shuffling technique to perform non-linear operations. Finally, we implement and evaluate LeHE4SCNN with various CNN models on a real-world dataset. Experimental results demonstrate the effectiveness and superiority of the LeHE4SCNN framework in terms of response time, usage cost, and communication overhead compared to the state-of-the-art methods in the mobile cloud computing environment.

• Journal of Korea Society of Industrial Information Systems
• /
• v.14 no.5
• /
• pp.19-32
• /
• 2009

In this paper, we design thin-client framework capable of application sharing & data access on the Internet, and apply related skills, such as X windows system, pseudo server, CODA file system, MPI(Message Passing Interface). We suggest a framework for the thin client to access data produced by working on a server optimally as well as to run server side application, even in the case of network down. Additionally, it needed to reflect all local computing changes to remote server when network is restored. To design thin client framework with these characteristics, in this paper, we apply distributed pseudo server and CODA file system to our framework, also utilize MPI for the purpose of more efficient computing & management. It allows for implementation of network independent computing environment of thin client, also provide scalable application service to numerous user through the elimination of bottleneck on caused by server overload. In this paper, we discuss the implementing method of thin client framework in detail.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.4
• /
• pp.661-670
• /
• 2023

With the emergence of serverless computing paradigm and the innovations of cloud technology, the structure of backend server infrastructure has evolved from on-premises to container-based serverless computing. However, an access control on the server still heavily relies on the traditional SSH protocol, which poses limitations in terms of security and scalability. This hampers user convenience and productivity in managing server infrastructure. A web shell is an interface that allows easy access to servers and execution of commands from any device with a web browser. While hackers often use it to exploit vulnerabilities in servers, we pay attention to the high portability of web shell technology for server management. This study proposes a novel proxy-based server management framework utilizing web shell technology. Our evaluation demonstrates that the proposed framework addresses the drawbacks of SSH without additional overhead, and efficiently operates large-scale infrastructures in diverse computing environments.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.871-874
• /
• 2011

The fast emerging of network technology and the high demand of computing resources have prompted many organizations to outsource their storage and computing needs. Cloud based storage services such as Microsoft's Azure and Amazon's S3 allow customers to store and retrieve any amount of data, at anytime from anywhere via internet. The scalable and dynamic of the cloud storage services help their customer to reduce IT administration and maintenance costs. No doubt, cloud based storage services brought a lot of benefits to its customer by significantly reducing cost through optimization increased operating and economic efficiencies. However without appropriate security and privacy solution in place, it could become major issues to the organization. As data get produced, transferred and stored at off premise and multi tenant cloud based storage, it becomes vulnerable to unauthorized disclosure and unauthorized modification. An attacker able to change or modify data while data inflight or when data is stored on disk, so it is very important to secure data during its entire life-cycle. The traditional cryptography primitives for the purpose of data security protection cannot be directly adopted due to user's lose control of data under off premises cloud server. Secondly cloud based storage is not just a third party data warehouse, the data stored in cloud are frequently update by the users and lastly cloud computing is running in a simultaneous, cooperated and distributed manner. In our proposed mechanism we protect the integrity, authentication and confidentiality of cloud based data with the encrypt- then-upload concept. We modified and applied proxy re-encryption protocol in our proposed scheme. The whole process does not reveal the clear data to any third party including the cloud provider at any stage, this helps to make sure only the authorized user who own corresponding token able to access the data as well as preventing data from being shared without any permission from data owner. Besides, preventing the cloud storage providers from unauthorized access and making illegal authorization to access the data, our scheme also protect the data integrity by using hash function.

• Journal of Information Technology Services
• /
• v.23 no.1
• /
• pp.37-53
• /
• 2024

Recently, the application of microservice architecture has been increasing as information systems have shifted to cloud environments. The purpose of this paper was to analyze the case of applying microservice architecture to MES in the manufacturing field, summarize the results of how it was applied in practice, and find out the effects of the application. Based on the improvement project by applying microservice architecture to the existing steel manufacturing MES, 11 principles of microservice application were derived through literature research, and the implementation process and results were summarized according to these principles. In addition, through a comparison of systems in the service industry and the manufacturing industry, we investigated why the application of microservices was more active in the service industry and whether the application in the manufacturing industry can be expected to have the same effect. We also evaluated the results and changes in the overall system after implementation. In particular, we analyzed the SR (Service Request) processing status of users' requests for system changes and operators' requests to see how much the lead time was reduced. The results showed that 8 out of 11 microservice application principles were properly implemented according to the principles, but the remaining 3 were not applicable due to practical difficulties and organizational circumstances. Despite not following all of the principles, the project was able to be implemented without any problems, and the most noticeable change as a result of the microservices architecture was that the lead time was reduced by 9 days compared to the previous system. This proves that it is possible to quickly adapt to customer requirements, and it also proves that the system is more flexible and scalable than the existing monolithic system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.5
• /
• pp.1390-1411
• /
• 2024

Underwater Wireless Sensors Networks (UWSNs) are deployed in remotely monitored environment such as water level monitoring, ocean current identification, oil detection, habitat monitoring and numerous military applications. Providing scalable and efficient routing is very challenging in UWSNs due to the harsh underwater environment. The biggest difficulties are the nodes inherent movement due to water current, long delay in data transmission, low bandwidth of the acoustic signal, high error rate and energy scarcity in battery powered nodes. Many routing protocols have been proposed to solve the aforementioned problems. There are three broad categories of routing protocols namely depth based, energy based and vector-based routing. Vector Based Forwarding protocols perform routing through virtual pipeline by defining their radius which give proper direction to packets communication. We proposed a routing protocol termed as Path-Oriented Energy Scaled Expanded Vector Based Forwarding (PESEVBF). PESEVBF takes into account all parameters; holding time, the source nodes packets routing path and void holes creation on the second hop; PESEVBF not only considers the packet upward advancement but also focus on density of the forwarded nodes in terms of number of potential forwarding and suppressed nodes for path selection. Node selection in resultant holding time is based on minimum Path Factor (PF) value. Moreover, the suppressed node will be selected for packet forwarding to avoid the void holes occurrences on the second hop. Performance of PESEVBF is compared with other routing protocols using matrices such as energy consumption, packet delivery ratio, packets dropping ratio and duplicate packets creation indicating considerable performance improvement.

• International Journal of Computer Science & Network Security
• /
• v.24 no.8
• /
• pp.32-42
• /
• 2024

The Internet of Things (IoT) is set to transform patient care by enhancing data collection, analysis, and management through medical sensors and wearable devices. However, the convergence of IoT device vulnerabilities and the sensitivity of healthcare data raises significant data integrity and privacy concerns. In response, this research introduces the Smart-Coord system, a practical and affordable solution for securing healthcare IoT. Smart-Coord leverages blockchain technology and coordinate-based access management to fortify healthcare IoT. It employs IPFS for immutable data storage and intelligent Solidity Ethereum contracts for data integrity and confidentiality, creating a hierarchical, AES-CBC-secured data transmission protocol from IoT devices to blockchain repositories. Our technique uses a unique coordinate system to embed confidentiality and integrity regulations into a single access control model, dictating data access and transfer based on subject-object pairings in a coordinate plane. This dual enforcement technique governs and secures the flow of healthcare IoT information. With its implementation on the Matic network, the Smart-Coord system's computational efficiency and cost-effectiveness are unparalleled. Smart-Coord boasts significantly lower transaction costs and data operation processing times than other blockchain networks, making it a practical and affordable solution. Smart-Coord holds the promise of enhancing IoT-based healthcare system security by managing sensitive health data in a scalable, efficient, and secure manner. The Smart-Coord framework heralds a new era in healthcare IoT adoption, expertly managing data integrity, confidentiality, and accessibility to ensure a secure, reliable digital environment for patient data management.